The OWASP Belgium chapter would like to invite you to the next meeting on 12 September 2012 in Leuven. This event is co-organized with the IWT-project SPION (security and privacy in online social networks).

Pre-program:

• 14h00 – 18h00: First SPION Technical Workshop

The agenda:

• 18h00 – 19h00: Pizza buffet with SPION demos on the side
• 19h00 – 19h15: OWASP Update (by Sebastien Deleersnyder, SAIT Zenitel, OWASP Board)
• 19h15 – 20h00: You Are What You Include: Remote JavaScript Inclusions (by Steven Van Acker, DistriNet, KU Leuven)
• 20h00 – 20h15: Break
• 20h15 – 21h00: Modern Information Gathering (by Dave van Stein, KZA bv)

Hosted by Distrinet Research Group (KU Leuven).

More information can be found at https://www.owasp.org/index.php/Belgium#Chapter_Meetings.

The Open Web Application Security Project (www.owasp.org) Belgium Chapter organizes their next Chapter meeting. OWASP’s all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards on application security. An example of this is the famous OWASP top ten of most critical web application security flaws. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials we produce.

June 16th 2011 (18h-21h)

Hosted by Deloitte
Address: Berkenlaan 8, 1831 Diegem

The agenda:

• 18h00 – 18h30: Welcome & Sandwiches
• 18h30 – 18h45: OWASP Update (by Sebastien Deleersnyder, SAIT Zenitel, OWASP Board)
• 18h45 – 19h45: The OWASP AppSensor Project (by Colin Watson, Watson Hall Ltd)
• 19h45 – 20h00: Break
• 20h00 – 21h30: How to become Twitter’s admin: An introduction to Modern Web Service Attacks (by Andreas Falkenberg, RUB)

More information can be found at http://www.owasp.org/index.php/Belgium#tab=Chapter_Meetings

Who should attend? Well, anyone interested in Web Application Security (management, security professionals, developers, students, etc). OWASP Belgium chapter membership is free. All meetings are free. There are never vendor pitches or sales presentations! at OWASP meetings.

Check our chapter page http://www.owasp.org/index.php/Belgium on meeting details, sign up to the chapter mailing list and introduce yourself.

Please register for the chapter meeting at https://www.regonline.com/owasp-belgium-2011-06-16

The Open Web Application Security Project (www.owasp.org) Belgium Chapter organizes their next Chapter meeting. OWASP’s all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards on application security. An example of this is the famous OWASP top ten of most critical web application security flaws. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials they produce. All meetings are free and there are never vendor pitches or sales presentations at OWASP meetings.

Details:
May 23rd 2011, 18h-21h

LCM
Haachtsesteenweg 579
1031 Brussel

Agenda:

• 18h00 – 18h30: Welcome & Sandwiches
• 18h30 – 18h45: OWASP Update (by Sebastien Deleersnyder, SAIT Zenitel, OWASP Board)
• 18h45 – 19h00: ISSA Update (by Clement Herssens)
• 19h00 – 19h45: Non-convential Attacks: Things your security scanners won’t find (by Tom Van Der Mussele, Verizon)
• 19h45 – 20h30: The Ghost of XSS Past, Present and Future – A Defensive Tale (by Jim Manico, Infrared Security)
• 20h30 – 21h00: Discussion: How CERT.be & OWASP can improve web application security in Belgium (by Christian Van Heurck, CERT.be)

More information can be found at http://www.owasp.org/index.php/Belgium#tab=Chapter_Meetings
Registration: https://www.regonline.com/owasp-belgium-2011-05-23

This year the Benelux OWASP event consists of a training day and a conference day. So you will be able to learn from specialists, attend talks from industry experts and network with peers.

The conference details:
- December 1, 2010: Training Day
- December 2, 2010: Conference Day
- Location: Fontys Hogeschool, Eindhoven, Rachelsmolen 1, 5612 AM
- Start at 09:30.

There is no fee to be paid to attend to the event, but we encourage you to become a OWASP member if you aren’t already a member!

Visit the conference website for more details: http://www.owaspbenelux.eu .

Some points on the agenda. For more info, please check the web site.

• Welcome and OWASP Update (by Eoin Keary, OWASP Board, E&Y and Seba Deleersnyder, OWASP Board, SAIT Zenitel)
• 0wning Networks with VoIP and Web attacks (by Radu State, University of Luxembourg)
• Privacy of file sharing service (by N Nikiforakis, Katholieke Universiteit Leuven)
• Clickjacking: an empirical study with an automated testing/detection system (by Marco Balduzzi, Eurecom)
• Attacking is easy, defending is hard (by Walter Belgers, Madison Gurkha)
• How not to design and implement a cash back system (by Thierry Zoller)
• The Social Networking Corporate Threat (by Chen Gour Arie, ComSec)
• The OWASP code review guide (by Eoin Keary, OWASP Board, E&Y)

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The local Belgium chapter is lead by Sebastien Deleersnyder and their next chapter meeting is on September 21st in Leuven. Participation in OWASP is free and open to all, as are all the materials they produce.

September 21st 2010 18h-20h
Distrinet Research Group (K.U.Leuven).
Department of Computer Science (auditorium 00.225)
Celestijnenlaan 200 A
3001 Heverlee

The agenda:

• 18h00 – 18h30: Welcome & Refreshments
• 18h30 – 18h45: OWASP Update (by Sebastien Deleersnyder, SAIT Zenitel, OWASP Board)
• 18h45 – 19h45: Attacking and Defending the Grid (by Justin Searle)

The Smart Grid brings greater benefits for utilities and customer alike, however these benefits come at a cost from a security perspective. This presentation will explore how the increased functionality and complexity also increases the Smart Grid’s attack surface, or in other words, increases the ways attackers can compromise the Smart Grid’s new infrastructures, systems, and business models. We’ll discuss several specific attack avenues against the Smart Grid and recommendations for mitigating or blocking these attacks.

• 19h45 – 20h00: Break
• 20h00 – 21h00: How I Met Your Girlfriend (by Samy Kampkar)

The discovery and execution of entirely new classes of attacks executed from the Web in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and weak random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.

More info: http://www.owasp.org/index.php/Belgium#tab=Chapter_Meetings

Today, we would like to introduce the Brussels JUG Forum. You can reach it via the ‘Forum’ link in the right sidebar.

The forum is intended for all kind of coordination issues (trips to external events, joint visits of conferences etc.), polls & surveys and project planning. The main communication and discussion channel is and remains our Google Group (i.e. mailing list) for the time being. All major forum sections are invisible for anonymous guests.

The forum is not reserved to Brussels JUG members! Every member of the Java community is welcome!

However, you must be either part of the Brussels JUG LinkedIn group, an accepted member of the Brussels JUG Google Group (not being in ‘moderated’ state) or being known by the Brussels JUG team prior of being accepted. Being recommended by a Brussels JUG member, joining a JUG meeting or asking the team directly (via mail or during a JUG session) is also an option. All forum registration requests are verified by the administrators before access is granted.

The reason for this policy is, beside of keeping spammers and harvesters away, that we consider the forum as a non-public place (in contrary to the Google Group). Messages about excursions, journey and conference planning, brainstorming and project organisation may contain personal information like emails, phone numbers, addresses, and journey and absence details. Brainstorming is sometimes an exchange of personal opinions that aren’t intended to remain public for the next 200 years.

Currently, we propose the following collective excursions on the forum: FOSDEM 2011, JDC 2011, DEVOXX 2010 and BRUCON 2010. More will certainly follow. Moreover, we would like to propose building work groups for collaborations with the JCP (Java Community Process), the OWASP and other JUGs. If this will work-out depends on your interest in such activities. Other forum topics might be joint trainings for all kind of certifications or FOSS project subjects. More details about these brainchilds later.